# Note: The lines starting with # are ignored. To enable any of the
# configuration options below, remove # from the beginning of a respective line.

[EAP]
mtu=1400

[EAPoL]
max_4way_handshake_time=5

[General]
#
# Enable/Disable sending EAPoL packets over NL80211.  Enabled by default if
# kernel support is available.  Doing so sends all EAPoL traffic over directly
# to the supplicant process (iwd) instead of putting these on the Ethernet
# device.  Since only the supplicant can usually make sense / decrypt these
# packets, enabling this option can save some CPU cycles on your system and
# avoids certain long-standing race conditions.
#
# Note, iwmon cannot currently spy on unicast packets sent over netlink, so
# if you need to capture EAPoL packets (e.g. for debugging) then this option
# should be set to False.
control_port_over_nl80211=True
#
# Set the threshold RSSI for roaming (default -70)
roam_rssi_threshold=-70
#
# Do not allow iwd to destroy / recreate wireless interfaces at startup,
# including default interfaces.  Enable this behavior if your wireless card
# driver is buggy or does not allow such an operation, or if you do not want
# iwd to manage netdevs for another reason.  For most users with an upstream
# driver it should be safe to omit/disable this setting.
# use_default_interface=true

#
# Explicitly enforce/disable management frame protection
#
# 0 - Disable management frame protection
# 1 - Set management frame protection capable (default)
# 2 - Management frame protection required
#
# management_frame_protection=1

#
# Enable/disable ANQP queries. The way IWD does ANQP queries is dependent on
# a recent kernel patch (available in Kernel 5.3). If your kernel does not have
# this functionality this should be disabled (default). Some drivers also do a
# terrible job of sending public action frames (freezing or crashes) which is
# another reason why this has been turned off by default. All aside, if you want
# to connect to Hotspot 2.0 networks ANQP is most likely going to be required
# (you may be able to pre-provision to avoid ANQP).
#
# disable_anqp=true

#
# Control the behavior of MAC address randomization by setting the
# mac_randomize option.  iwd supports the following options:
#   "default" - Lets the kernel assign a mac address from the permanent mac
#   address store when the interface is created by iwd.  Alternatively,
#   if the 'use_default_interface' is set to true, then the mac address is
#   not touched.
#   "once" - MAC address is randomized once when iwd starts.  If
#   'use_default_interface' is set to true, only the interface(s) managed
#   by iwd will be randomized.
#
# One can control which part of the address is randomized using
# mac_randomize_bytes option.  iwd supports the following options:
#   "nic" - Randomize only the NIC specific octets (last 3 octets).  Note that
#   the randomization range is limited to 00:00:01 to 00:00:FE.  The permanent
#   mac address of the card is used for the initial 3 octets.
#   "full" - Randomize the full 6 octets.  The locally-administered bit will
#   be set.
#
# mac_randomize=default
# mac_randomize_bytes=full

[Scan]
#
# Disable periodic scan. Setting this option to 'true' will prevent iwd from
# issuing the periodic scans for the available networks while disconnected.
# The behavior of the user-initiated scans isn't affected.
# The periodic scan is enabled by default.
#
# disable_periodic_scan=false
#

#
# Disable roaming scan. Setting this option to 'true' will prevent iwd from
# issuing the roaming scans for the available networks while connected.
# The behavior of the user-initiated scans isn't affected.
# The roaming scan is enabled by default.
#
# disable_roaming_scan=false
#

#
# Disable MAC address randomization. Setting this option to 'true' will prevent
# the capable network adapters from randomizing MAC addresses during the active
# scans for networks, thus decreasing user privacy.
# The MAC address randomization is enabled by default.
#
# disable_mac_address_randomization=false
#

[Blacklist]
#
# Configure BSS blacklist time/multipler/max. If a connection to a BSS fails for
# whatever reason we can avoid connecting to this BSS in the future by
# blacklisting it. These three options configure how long a BSS is blacklisted
# for.
#
# bss_blacklist_time -       The initial timeout for a blacklisted BSS in
#                            seconds (default 60)
# bss_blacklist_multiplier - What bss_blacklist_time is multiplied by after
#                            future unsuccessful connection attempts in
#                            seconds (default 30)
# bss_blacklist_max_time -   The maximum time a BSS can be blacklisted for in
#                            seconds (default 86400)
#
# bss_blacklist_time=60
# bss_blacklist_multiplier=30
# bss_blacklist_max_time=86400

[Rank]
#
# Manually specify a 5G ranking factor. 5G networks are already preferred but
# only in terms of calculated data rate, which is RSSI dependent. This means it
# is still possible for IWD to prefer a 2.4GHz AP in the right conditions.
# This ranking provides a way to further weight the ranking towards 5G if
# required. Also, a lower 5G factor could be used to weight 2.4GHz if that is
# desired. The default is 1.0, which does not affect the calculated ranking.
#
# rank_5g_factor=1.0